Severity: high
Valid

`HorseStore.huff::FEED_HORSE` reverts when the timestamp is a multiple of 17

Description

In the `FEED_HORSE` macro, the three marked lines below compute the timestamp modulo 17. When the timestamp is a multiple of 17, the result is 0, so the `jumpi` is not taken and execution falls through to `revert`, reverting the transaction. The Solidity code does not include this calculation.

```
@>  0x11 timestamp mod      // [timestamp % 17]
@>  endFeed jumpi           // reverts whenever the timestamp is a multiple of 17
@>  revert
    endFeed:
    stop
}
```

Impact

The impact includes a denial of service with a probability of 1/17 (each time the timestamp is a multiple of 17). This behavior does not match the Solidity code, which is confusing for users, developers, and auditors.

Proof of Concept

Foundry PoC
```solidity
function testTimestampMod17() public {
    vm.prank(user);
    horseStore.mintHorse();
    vm.warp(172805); // multiple of 17 (2 days + 5s)
    horseStore.feedHorse(0);
}
```
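
A regression version of the PoC above, added here as an example and not part of the original submission: it fails against the macro as shown and should pass once the modulo check is gone. The `IHorseStoreLike` interface, the `horseIdToFedTimeStamp` getter and the `_deploy()` hook are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Assumed interface: only mintHorse() and feedHorse() appear in the finding;
// the horseIdToFedTimeStamp getter is an assumption about the contract's ABI.
interface IHorseStoreLike {
    function mintHorse() external;
    function feedHorse(uint256 horseId) external;
    function horseIdToFedTimeStamp(uint256 horseId) external view returns (uint256);
}

abstract contract FeedHorseTimestampTest is Test {
    IHorseStoreLike internal horseStore;
    address internal user = makeAddr("user");

    // Hypothetical hook: a concrete test returns the Huff or Solidity deployment.
    function _deploy() internal virtual returns (IHorseStoreLike);

    function setUp() public virtual {
        horseStore = _deploy();
        vm.prank(user);
        horseStore.mintHorse(); // horse id 0, as in the PoC
    }

    // 172805 = 17 * 10165, the PoC timestamp; 172806 is the next non-multiple.
    function test_feedAtMultipleOf17AndNeighbour() public {
        vm.warp(172805);
        horseStore.feedHorse(0);
        assertEq(horseStore.horseIdToFedTimeStamp(0), 172805);
        vm.warp(172806);
        horseStore.feedHorse(0);
        assertEq(horseStore.horseIdToFedTimeStamp(0), 172806);
    }

    // Random timestamps hit a multiple of 17 only 1 run in 17, so half the
    // runs are snapped down to the nearest multiple to exercise the bug path.
    function testFuzz_feedAtAnyTimestamp(uint40 ts, bool snapTo17) public {
        uint256 t = snapTo17 ? uint256(ts) - (uint256(ts) % 17) : uint256(ts);
        vm.warp(t);
        horseStore.feedHorse(0);
        assertEq(horseStore.horseIdToFedTimeStamp(0), t);
    }
}
```

Running the same abstract test against both the Huff and the Solidity deployment turns it into a differential check between the two implementations.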

Recommended Mitigation

To address this issue, remove the three lines above and the label for the jump:

#define macro FEED_HORSE() = takes (0) returns (0) {
timestamp // [timestamp]
0x04 calldataload // [horseId, timestamp]
STORE_ELEMENT(0x00) // []
// End execution
- 0x11 timestamp mod
- endFeed jumpi
- revert
- endFeed:
stop
}
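
Review bot: the removal of `0x11 timestamp mod`, `endFeed jumpi`, `revert` and the `endFeed:` label comes without a test that would catch the check being reintroduced. Add a regression test that warps to a multiple of 17 (the PoC's 172805 works) and asserts that `feedHorse(0)` succeeds, so `stop` is confirmed as the only exit after `STORE_ELEMENT(0x00)`.
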
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

FEED_HORSE() macro does not allow users to feed a horse if the timestamp is divisible by 17
